πŸ”AI RiskAtlas

The Invisible Webpage Command

A shopping page tells the agent to do something the user never asked for

Technique first revealed 23 Feb 2023

Computer-Use Agent
[Architecture diagram. Trust zones: Untrusted; Agent core; Oversight; Controlled computer + untrusted web. Components: User (sends the goal), Orchestrator / Agent Loop, Vision-Language Model, Identity & Permissions, Action Executor, Human Approval Gate, Computer / Browser, Untrusted Content, Audit Logging, Malicious listing. Edge types: Instructions, Data, Actions, Control / decision, Feedback / logs.]
Setup (Step 1 / 6)

A perfectly ordinary errand

The user opens their computer-use agent and asks it to do some shopping: find a good standing desk under $400 and add it to the cart. They are already signed in to the store, their email, and their bank in this browser, and the agent inherits every one of those sessions, just as a person sitting at the keyboard would. Nothing about the errand narrows that authority: the cookies for the email and bank accounts are just as available to whatever the agent ends up doing as the store session is.

💬 User's request (prompt)
Find me a good height-adjustable standing desk under $400 with fast shipping, and add the best option to my cart so I can check out. Thanks!
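The errand above only authorises browsing and adding to a cart on one store, yet the agent's browser carries the user's email and bank sessions too. The following is an added illustration, not AI RiskAtlas's own code, of what the Identity & Permissions, Human Approval Gate and Audit Logging boxes in the diagram can do with that gap: derive a scope from the user's request, check every action the agent loop proposes against it, and never let page text widen it. The Orchestrator and Vision-Language Model are not modelled; the `PROPOSED` list is a constructed stand-in for the actions a model might emit, and all origins (`shop.example`, `mail.example`) are made up.

```python
"""Task-scoped action gate for a computer-use agent.

Added illustration, not code from AI RiskAtlas.  It models three boxes from
the scenario diagram: Identity & Permissions (a scope derived from the user's
request), the Human Approval Gate (a decision per proposed action) and Audit
Logging.  The agent loop is not modelled: PROPOSED is a constructed stand-in
for actions a vision-language model might emit, and every URL is made up.
"""
from dataclasses import dataclass, field
from urllib.parse import urlparse


@dataclass(frozen=True)
class Action:
    kind: str          # "navigate", "click", "type" or "submit"
    url: str           # page the action would be performed on
    detail: str = ""   # button label, typed text, etc.


@dataclass(frozen=True)
class TaskScope:
    """What the user's request actually authorises."""
    allowed_origins: frozenset   # scheme://host the errand may touch
    allowed_kinds: frozenset     # action kinds the errand needs
    # Kinds that always stop at the human gate, even inside scope.
    always_confirm: frozenset = frozenset({"submit"})


def origin_of(url: str) -> str:
    """Normalise a URL to scheme://host; relative or odd URLs yield ''."""
    p = urlparse(url)
    if not p.scheme or not p.hostname:
        return ""
    return f"{p.scheme}://{p.hostname}".lower()


@dataclass
class ApprovalGate:
    scope: TaskScope
    audit: list = field(default_factory=list)

    def decide(self, action: Action) -> str:
        """Return 'execute', 'confirm' or 'block' and log the decision.

        The gate never reads page text, so an instruction hidden in a listing
        cannot widen the scope: only the user's request defines it.
        """
        origin = origin_of(action.url)
        if origin not in self.scope.allowed_origins:
            verdict, reason = "block", f"origin {origin or '<none>'} is outside the task scope"
        elif action.kind not in self.scope.allowed_kinds:
            verdict, reason = "block", f"action kind {action.kind!r} not needed for this task"
        elif action.kind in self.scope.always_confirm:
            verdict, reason = "confirm", "state-changing action held for the user"
        else:
            verdict, reason = "execute", "within task scope"
        self.audit.append({"action": action, "verdict": verdict, "reason": reason})
        return verdict


# Scope for the errand in the scenario: browse and add to cart on the store
# only.  The user said "so I can check out", so checkout stays with them, and
# the email and bank sessions in the same browser are never in scope at all.
SHOPPING_SCOPE = TaskScope(
    allowed_origins=frozenset({"https://shop.example"}),
    allowed_kinds=frozenset({"navigate", "click", "type", "submit"}),
)

# Constructed stand-in for the agent loop's output.  The third action is the
# sort of step a hidden instruction on a listing could push the model toward.
PROPOSED = [
    Action("navigate", "https://shop.example/search?q=standing+desk"),
    Action("click", "https://shop.example/item/desk-4821", "Add to cart"),
    Action("navigate", "https://mail.example/compose", "new message"),
    Action("submit", "https://shop.example/checkout", "Place order"),
]


def run_gate(proposed, scope=SHOPPING_SCOPE):
    """Run every proposed action through one gate; return (verdicts, audit)."""
    gate = ApprovalGate(scope)
    verdicts = [gate.decide(a) for a in proposed]
    return verdicts, gate.audit


if __name__ == "__main__":
    verdicts, audit = run_gate(PROPOSED)
    for entry in audit:
        a = entry["action"]
        print(f"{entry['verdict']:8} {a.kind:9} {a.url}  ({entry['reason']})")
```

The design choice worth noting is that out-of-scope origins are blocked rather than sent to the human gate: the user never mentioned email or a bank, so there is nothing for them to approve, and asking them would only train them to click through. In-scope but state-changing actions (the checkout submit) go to the gate instead, matching the request to leave checkout to the user.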

AI RiskAtlas is an educational model of how GenAI & agentic systems work and fail. Architectures and payloads are illustrative and simplified for learning, not operational guidance. Real-world cases are summarised from public reporting.

Sources & further reading → · Built by Shi Yuan ↗